Add a new hash type. This "NT-hash" is compatible with the password

hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE!
DON'T USE IT! This is for the use of competent sysadmins only!

Submitted by:	Michael Bretterklieber

lib/libcrypt/Makefile

@@ -6,25 +6,29 @@ SHLIB_MAJOR=	2
 LIB=		crypt
 
 .PATH:		${.CURDIR}/../libmd
-SRCS=		crypt.c crypt-md5.c md5c.c misc.c
+SRCS=		crypt.c misc.c \
+		crypt-md5.c md5c.c \
+		crypt-nthash.c md4c.c
 MAN=		crypt.3
 MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
 CFLAGS+=	-I${.CURDIR}/../libmd -I${.CURDIR}/../libutil
-CFLAGS+=	-DLIBC_SCCS -Wall
-# Pull in the crypt-des.c source, assuming it is present.
-.if exists(${.CURDIR}/../../secure/lib/libcrypt/crypt-des.c) && \
-    !defined(NOCRYPT)
+
+# Pull in the strong crypto, if it is present.
+.if exists(${.CURDIR}/../../secure/lib/libcrypt) && !defined(NOCRYPT)
 .PATH:		${.CURDIR}/../../secure/lib/libcrypt
 SRCS+=		crypt-des.c crypt-blowfish.c blowfish.c
 CFLAGS+=	-I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH
 .endif
+
 # And the auth_getval() code and support.
 .PATH:		${.CURDIR}/../libutil
 SRCS+=		auth.c property.c
-.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \
-	    property_find properties_read properties_free
+.for sym in auth_getval property_find properties_read properties_free \
+	    MD4Init MD4Final MD4Update MD4Pad \
+	    MD5Init MD5Final MD5Update MD5Pad
 CFLAGS+=	-D${sym}=__${sym}
 .endfor
+
 PRECIOUSLIB=	yes
 
 .include <bsd.lib.mk>

lib/libcrypt/crypt-nthash.c

@@ -0,0 +1,88 @@
+/*-
+ * Copyright (c) 2003 Michael Bretterklieber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <netinet/in.h>
+
+#include <ctype.h>
+#include <err.h>
+#include <md4.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "crypt.h"
+
+/*
+ * NT HASH = md4(str2unicode(pw))
+ */
+
+/* ARGSUSED */
+char *
+crypt_nthash(const char *pw, const char *salt __unused)
+{
+	size_t unipwLen;
+	int i, j;
+	static char hexconvtab[] = "0123456789abcdef";
+	static const char *magic = "$3$";
+	static char passwd[120];
+	u_int16_t unipw[128];
+	char final[MD4_SIZE*2 + 1];
+	u_char hash[MD4_SIZE];
+	const char *s;
+	MD4_CTX	ctx;
+  
+	bzero(unipw, sizeof(unipw)); 
+	/* convert to unicode (thanx Archie) */
+	unipwLen = 0;
+	for (s = pw; unipwLen < sizeof(unipw) / 2 && *s; s++)
+		unipw[unipwLen++] = htons(*s << 8);
+        
+	/* Compute MD4 of Unicode password */
+ 	MD4Init(&ctx);
+	MD4Update(&ctx, (u_char *)unipw, unipwLen*sizeof(u_int16_t));
+	MD4Final(hash, &ctx);  
+	
+	for (i = j = 0; i < MD4_SIZE; i++) {
+		final[j++] = hexconvtab[hash[i] >> 4];
+		final[j++] = hexconvtab[hash[i] & 15];
+	}
+	final[j] = '\0';
+
+	strcpy(passwd, magic);
+	strcat(passwd, "$");
+	strncat(passwd, final, MD4_SIZE*2);
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof(final));
+
+	return (passwd);
+}

lib/libcrypt/crypt.3

@@ -62,6 +62,9 @@ Currently these include the
 .Tn NBS
 .Tn Data Encryption Standard (DES) ,
 .Tn MD5
+hash,
+.Tn NT-Hash
+(compatible with Microsoft's NT scheme)
 and
 .Tn Blowfish .
 The algorithm used will depend upon the format of the Salt (following
@@ -178,11 +181,13 @@ Currently supported algorithms are:
 MD5
 .It
 Blowfish
+.It
+NT-Hash
 .El
 .Pp
 Other crypt formats may be easily added.  An example salt would be:
 .Bl -tag -offset indent
-.It Cm "$3$thesalt$rest"
+.It Cm "$4$thesalt$rest"
 .El
 .Pp
 .Ss "Traditional" crypt:
@@ -213,9 +218,10 @@ Valid values are
 .\" NOTICE: Also make sure to update this, too, as well
 .\"
 .Ql des ,
-.Ql blf
+.Ql blf ,
+.Ql md5
 and
-.Ql md5 .
+.Ql nth .
 .Pp
 The
 .Fn crypt_set_format
@@ -253,6 +259,12 @@ function returns a pointer to static data, and subsequent calls to
 will modify the same data.  Likewise,
 .Fn crypt_set_format
 modifies static data.
+.Pp
+The NT-hash scheme does not use a salt,
+and is not hard
+for a competent attacker
+to break.
+Its use is not recommended.
 .Sh HISTORY
 A rotor-based
 .Fn crypt
@@ -276,6 +288,7 @@ Originally written by
 later additions and changes by
 .An Poul-Henning Kamp ,
 .An Mark R V Murray ,
+.An Michael Bretterklieber ,
 .An Kris Kennaway ,
 .An Brian Feldman ,
 .An Paul Herman

lib/libcrypt/crypt.c

@@ -57,6 +57,11 @@ static const struct {
 		"$2"
 	},
 #endif
+	{
+		"nth",
+		crypt_nthash,
+		"$3$"
+	},
 	{
 		NULL,
 		NULL,

lib/libcrypt/crypt.h

@@ -1,3 +1,4 @@
+/* LINTLIBRARY */
 /*
  * Copyright (c) 1999
  *      Mark Murray.  All rights reserved.
@@ -28,11 +29,12 @@
  */
 
 /* magic sizes */
+#define MD4_SIZE 16
 #define MD5_SIZE 16
 
 char *crypt_des(const char *pw, const char *salt);
 char *crypt_md5(const char *pw, const char *salt);
+char *crypt_nthash(const char *pw, const char *salt);
 char *crypt_blowfish(const char *pw, const char *salt);
 
 extern void _crypt_to64(char *s, u_long v, int n);
-